package com.a.ims.controller;

import com.a.ims.entity.User;
import com.a.ims.service.AdminlogService;
import com.a.ims.service.UserService;
import com.a.ims.util.R;
import jakarta.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;

import java.util.List;
import java.util.Objects;

@RestController
@RequestMapping("/user")
public class UserController {

    @Autowired
    private UserService userService;
    @Autowired
    private AdminlogService adminlogService;
    //记录日志
    private void log(HttpSession session, String log) {
        User user = (User) session.getAttribute("user");
        adminlogService.log(user.getAdminId(), log);
    }

    @PostMapping("/login")
    public R<User> login(@RequestBody User user, HttpSession session) {
        // 调用userService的login方法
        System.out.println("登录："+user.toString());
        User result = userService.selectByAdminId(user.getAdminId());
        if (result == null) {
            System.out.println("用户名错误");
            return R.error("用户名或密码错误");
        }else {
            // 登录成功
            if (!result.getPasswd().equals(user.getPasswd())) {
                System.out.println("密码错误");
                return R.error("用户名或密码错误");
            }
            System.out.println("登录成功："+result);
            result.setPasswd(null);
            session.setAttribute("user", result);
            return R.ok(result);
        }
    }
    @GetMapping("/getInfo")
    public R<User> getInfo(HttpSession session) {

        System.out.println("获取用户信息");
        User user = (User) session.getAttribute("user");
        if (user == null) {
            System.out.println("用户未登录");
            return R.error("用户未登录");
        }else {
            System.out.println("获取成功："+user);
            return R.ok(user);
        }
    }
    @GetMapping("/logout")
    public R<User> logout(HttpSession session) {
        System.out.println("用户退出");
        session.invalidate();
        return R.ok();
    }

    // 添加用户
    @PostMapping("/addUser")
    public R<User> addUser(@RequestBody User user, HttpSession session) {
        System.out.println("添加用户：" + user.toString());
        User admin = (User) session.getAttribute("user");
        if (admin == null) {
            System.out.println("用户未登录");
            return R.error("用户未登录");
        }
        //判断权限
        if(admin.getPermission() > 1){
            int result = userService.insertUser(user);
            if (result == 1) {
                System.out.println("添加成功");
                //添加日志
                log(session, "添加用户：" + user);
                return R.ok(user);
            } else {
                System.out.println("添加失败");
                return R.error("添加失败");
            }
        }else {
            System.out.println("权限不足");
            return R.error("权限不足");
        }
    }
    // 修改用户
    @PostMapping("/updateUser")
    public R<User> updateUser(@RequestBody User user, HttpSession session) {
        System.out.println("修改用户：" + user.toString());
        User admin = (User) session.getAttribute("user");
        if (admin == null) {
            System.out.println("用户未登录");
            return R.error("用户未登录");
        }

        User oldUser = userService.selectByAdminId(user.getAdminId());
        if (oldUser == null) {
            System.out.println("用户不存在");
            return R.error("用户不存在");
        }
        //自己修改自己的信息
        if (Objects.equals(admin.getAdminId(), user.getAdminId())) {
            //判断越权
            if (user.getAdminId() != null && (!user.getAdminId().equals(admin.getAdminId()))) {
                System.out.println("不能修改自己的权限");
                return R.error("不能修改自己的权限");
            }
            //更改
            int result = userService.updateUser(user);
            if (result == 1) {
                System.out.println("修改成功");
                //更新session
                User newUser = userService.selectByAdminId(user.getAdminId());
                newUser.setPasswd(null);
                session.setAttribute("user", newUser);
                //添加日志
                log(session, "修改用户：" + user);
                return R.ok(user);
            } else {
                System.out.println("修改失败");
                return R.error("修改失败");
            }
        } else {
            //非自己修改自己的信息
            //判断权限
            if (admin.getPermission() > oldUser.getPermission()) {
                //判断越权
                if ((user.getPermission() != null) &&(user.getPermission() >= admin.getPermission())){
                    System.out.println("权限不足");
                }
                //更改
                int result = userService.updateUser(user);
                if (result == 1) {
                    System.out.println("修改成功");
                    //更新session
                    User newUser = userService.selectByAdminId(user.getAdminId());
                    newUser.setPasswd(null);
                    //添加日志
                    log(session, "修改用户：" + user);
                    return R.ok(newUser);
                } else {
                    System.out.println("修改失败");
                    return R.error("修改失败");
                }
            }
            else {
                System.out.println("权限不足");
                return R.error("权限不足");
            }

        }
    }

    // 删除用户
    @PostMapping("/deleteUser")
    public R<User> deleteUser(@RequestBody User user, HttpSession session) {
        System.out.println("删除用户：" + user.toString());
        User admin = (User) session.getAttribute("user");
        if (admin == null) {
            System.out.println("用户未登录");
            return R.error("用户未登录");
        }
        //判断权限
        User oldUser = userService.selectByAdminId(user.getAdminId());
        if(oldUser == null){
            System.out.println("用户不存在");
            return R.error("用户不存在");
        }else if(admin.getPermission() > oldUser.getPermission()){
            int result = userService.deleteUser(user);
            if (result == 1) {
                System.out.println("删除成功");
                //添加日志
                log(session, "删除用户：" + user);
                return R.ok(user);
            } else {
                System.out.println("删除失败");
                return R.error("删除失败");
            }
        }
        else {
            System.out.println("权限不足");
            return R.error("权限不足");
        }
    }
    //获取所有用户
    @PostMapping("/getAllUser")
    public R<List<User>> getAllUser(@RequestBody User user, HttpSession session) {
        System.out.println("获取所有用户:"+user);
        User admin = (User) session.getAttribute("user");
        if (admin == null) {
            System.out.println("用户未登录");
            return R.error("用户未登录");
        }
        //判断权限
        if (admin.getPermission() > 1) {
            List<User> result = userService.getAllUsers(user);
            if (result != null) {
                for(int i=0;i<result.size();i++){
                    if(result.get(i).getPermission()  >= admin.getPermission()){
                        result.get(i).setPasswd("******");
                    }
                }
                System.out.println("获取成功");
                return R.ok(result);
            } else {
                System.out.println("获取失败");
                return R.error("获取失败");
            }
        } else {
            System.out.println("权限不足");
            return R.error("权限不足");
        }
    }
}
